1. Field of the Invention
This invention relates in general to methods for determining the authority of an unknown user to access certain function of a computing system and to permit access only to an authorized user. More particularly, this invention relates to a method and apparatus for communicating with a user using a secure access device, such as a universal access card, that may be remotely located across different types of networks, such as telecommunication, financial, wireless, satellite, Internet, wide area, local, and dedicated lines, and to determine the authority of an unknown user, such as by identifying, verifying, and/or authenticating the user, to permit user access to secured access functions of a computing system.
2. Description of the Prior Art
Conventional computing systems typically accept user entered information, such as a password, or a Personal Identification Number (PIN), to identify an authorized user before permitting the user to access certain secured functions in the computer system. Users typically type the information on a keyboard or keypad at a computer terminal device or at a telephone. Additionally, users may carry magnetic strip cards which can be swiped through a card reader terminal to identify some secure information encoded into the magnetic strip for identifying the user to a system that is remotely coupled to the card reader terminal. In the past, conventional systems have used the password, and optionally in combination with receiving information from a magnetic strip card, as a means of identifying an authorized user before permitting access to certain secured functions of the system.
For example, a financial communication system that permits certain transactions with user's funds may permit access after a user enters a magnetic strip card into a card reader and further enters a PIN on a keypad provided at an automatic teller machine, for example. The use of such a magnetic strip card unfortunately requires a special terminal device to read the card at each location where the magnetic strip card is to be used. Further, the magnetic strip on a magnetic strip card can easily be read by a hand held reader device that is becoming commonly available among criminals. The criminals can then use this information to create fraudulent transactions using the victim's account at the financial institution to pay for goods and services that were never authorized by the true authorized user of the account.
Additionally, users are reluctant to give out their PIN number to be able to use their card with a card reader because the PIN number, or similar password, is easily observed and captured by a thief while an authorized user utilizes the card, such as using a keypad to enter the secret code during a transaction at a point of sale. As another example, telephone cards are regularly used by travelers to access their accounts and place long distance telephone calls. The user enters a PIN or pass code on the telephone keypad to access certain secured functions pertaining to their account. It is common today to have spotters watch telephone callers using public telephones and to capture the secret pass code from an unwary traveler. The criminal then distributes this secret code to confederates and associates that use it to access the telephone system and place long distance calls that, unfortunately, end up being paid by the service provider or the unwary traveler. Therefore, using a simple PIN or passcode alone to protect access to secured functions of a system is becoming undesirable by consumers and service providers. Therefore, it is unfortunate that a more secure, yet user friendly, method and apparatus for accessing secured functions of a system has not been available.
Accordingly, there is a need for a method and apparatus to eliminate those specific disadvantages of the prior art as discussed above, and particularly to significantly enhance the security of access to system functions by unknown users that may be remotely located relative to the system.